Vulnerabilities in ozwpan driver causes a crash of the Linux kernel

The first and second problems are associated with access outside the buffer due to incorrect handling signed integers, the third problem caused by the conditions under which performs a division by zero, the fourth problem leads to an infinite loop, the fifth issue is caused by the ability to read from the areas outside the bounds of the allocated buffer. To demonstrate the existence of vulnerabilities prepared prototypes of exploits.

The risk of identified vulnerabilities compensates for the rather specific nature of the ozwpan driver, which is used in rare cases and has the status of an experimental (staging), as well as the need to send packets at the data link layer within a single LAN segment. The ozwpan driver provides an implementation of the USB host controller, which is a physical device connection, interaction with peripherals is via Wi-Fi. The driver can be paired with existing wireless devices that are compatible with the technology Ozmo Devices (Wi-Fi Direct). The method of operation is reduced to convert the USB commands to the Protocol of the second level of the network model with subsequent transfer in the form of packages with type (ethertype) 0x892e. The driver accepts these packets, parses them and converts to the USB functionality.